CONFIGURING FTP IN ISOLATION MODE (IIS6)

(WINDOWS SERVER 2003)

1. Installing IIS6 FTP on Wino!s S"#$"# %&&'(
If using the new style Start menu: li!" #n $Start%& $#ntr#l 'anel%& $()) #r Rem#*e 'r#grams% an) sele!t the
$())+Rem#*e Win)#ws #m,#nents% ta- #n the left.han) si)e/
If using the 0lassi!0 style Start menu: li!" #n $Start%& $Settings%& $#ntr#l 'anel%& $()) #r Rem#*e 'r#grams% an)
sele!t the $())+Rem#*e Win)#ws #m,#nents% ta- #n the left.han) si)e/
In the $Win)#ws #m,#nents Wi1ar)%& highlight the $(,,li!ati#n Ser*er% an) ,ress the $Details% -utt#n/ 2he s!reen
-el#w will -e )is,laye) (3ig 4)/
Fig)#" 1 * T+" A,,li-ation S"#$"# S-#""n
5ighlight the $Internet Inf#rmati#n Ser*i!es (IIS)% #,ti#n an) ,ress $Details% (as sh#wn in 3ig 4 a-#*e)/


Fig)#" % * T+" Int"#n"t In.o#/ation S"#$i-"s (IIS) S-#""n
On the ne6t s!reen (3ig 2 a-#*e) we highlight $3ile 2ransfer 'r#t#!#l (32') Ser*i!e%/
li!" $O7% t# !l#se ea!h win)#w an) $Ne6t% t# install the newly.sele!te) !#m,#nents/ 8#u will -e as"e) t# insert y#ur
Win)#ws Ser*er 2003 )is"/ li!" $3inish% #n!e the installati#n is !#m,lete/
8#u ha*e n#w installe) the 32' ser*i!e/



Fig)#" ' * S"tting ), 0o)# FTP Root Di#"-to#0
%. T+" FTP Root Di#"-to#0

In #r)er t# use 32' in 0Is#lati#n0 m#)e& we nee) t# !#nstru!t the 32' R##t s# that users are 0Dr#,,e)0 int# their
!#rre!t h#me )ire!t#ry/
2he stru!ture illustrate) a-#*e !#ntains tw# su-)ire!t#ries& 0l#!aluser0 an) my )#main 0sim#ngi-s#n0 whi!h !#ntain
h#me )ire!t#ries f#r ea!h user/ 2hese user su-.)ire!t#ries must mat!h their res,e!ti*e username e6a!tly/ If n#t& the
user will n#t -e a-le t# l#g #nt# y#ur 32' ser*er/
reate the )ire!t#ry stru!ture a-#*e t# mat!h y#ur !#nfigurati#n/ 2he 032'R##t0 )ire!t#ry !an -e ,la!e) anywhere #n
y#ur system/



Fig)#" 1 * W+"#" to .in t+" IIS Manag"#
'. W+"#" to .in t+" IIS Manag"#(
If y#u are using the new style Start menu& y#u !an rea!h the Internet Inf#rmati#n Ser*i!es !#ns#le -y !li!"ing $Start%&
$()ministrati*e 2##ls% an) sele!ting $Internet Inf#rmati#n Ser*i!es (IIS) 9anager% fr#m the list in figure : a-#*e/
If y#u are using the $lassi!% style Start 9enu& y#u !an rea!h the !#ns#le -y !li!"ing $Start%& $'r#grams%&
$()ministrati*e 2##ls% an) sele!t $Internet Inf#rmati#n Ser*i!es (IIS) 9anager% fr#m the list in figure : a-#*e/




Fig)#" 2 * R"/o$ing t+" D".a)lt FTP Sit" in IIS 6
1. R"/o$ing t+" D".a)lt FTP Sit" in IIS 6(
2he first tas" is t# rem#*e ()elete) the Default 32' Site/ 2his site )#es n#t use Is#lati#n an) mat!hes IIS; 32' sites in
terms #f fun!ti#nality an) se!urity/ (s we are g#ing t# use Is#lati#n& we will nee) t# !reate a fresh 32' site/
Sim,ly right.!li!" #n the Default 32' Site an) ,ress 0Delete0 in the menu that a,,ears/




Fig)#" 6 * C#"ating a .#"s+ FTP Sit" in IIS.
2. C#"ating a .#"s+ FTP sit"(
2# !reate a new 32' site& sim,ly right.!li!" #n 032' Sites0 an) sele!t 0New0 an) 032' Site///0/ 2hen& ,ress 0Ne6t0 t#
-egin the 32' Site reati#n Wi1ar)/




Fig)#" 3 * FTP Sit" C#"ation Wi4a#( FTP Sit" D"s-#i,tion
6. FTP Sit" C#"ation Wi4a#( FTP Sit" D"s-#i,tion
2his is the name that will a,,ear in the 032' Sites0 list in IIS/ I<m g#ing t# use my imaginati#n an) !all this site 032'0/
li!" Ne6t/




Fig)#" 5 * FTP Sit" C#"ation Wi4a#( IP A#"ss an Po#t S"ttings
3. FTP Sit" C#"ation Wi4a#( IP A#"ss an Po#t S"ttings
Sim,ly sele!t y#ur ser*er<s I' a))ress fr#m the list (this is usually the #nly #ne liste))/
8#u !an als# !hange the 2' '#rt if re=uire) -ut this is n#t re!#mmen)e)/
li!" Ne6t/




Fig)#" 6 * FTP Sit" C#"ation Wi4a#( FTP Us"# Isolation
5. FTP Sit" C#"ation Wi4a#( FTP Us"# Isolation
2his s!reen all#ws y#u t# !h##se the ty,e #f Is#lati#n y#u want t# use:.
0D# n#t is#late users0
(lth#ugh this #,ti#n all#ws users t# -e 0)r#,,e)0 int# their #wn h#me )ire!t#ry (if #ne e6ists un)er the 32' r##t that
e6a!tly mat!hes their username)& it<s NO2 a-le t# st#, them m#*ing u, #ut #f their )ire!t#ry an) int# th#se -el#nging
t# #ther users/
0Is#late users0
2his #,ti#n Is#lates users -ase) #n the )ire!t#ry stru!ture un)er the 32' r##t )ire!t#ry (see Ste, 2)/ 2his is the
easiest #f the tw# Is#lati#n meth#)s an) the meth#) we will use in this tut#rial/
0Is#late users using (!ti*e Dire!t#ry0
2his #,ti#n Is#lates users -y getting their 032' 5#me Dire!t#ry0 fr#m the (!ti*e Dire!t#ry/ 2he a)*antage #f this is that
new users !an -e a))e) with#ut the nee) t# m#)ify y#ur 32' site/ 5#we*er& the 032' 5#me Dire!t#ry0 !an n#t -e
entere) using the (!ti*e Dire!t#ry sna, in an) must -e !#nfigure) fr#m the !#mman) line -y using a V>S!ri,t utility/
(s sh#wn in 3igure ? a-#*e& sele!t 0Is#late @sers0 an) ,ress 0Ne6t0/



Fig)#" 1& * FTP Sit" C#"ation Wi4a#( FTP Sit" Cont"nt Di#"-to#0
6. FTP Sit" C#"ation Wi4a#( FTP Sit" Cont"nt Di#"-to#0
2his ste, )efines the 32' R##t )ire!t#ry/ Sele!t the 32' R##t )ire!t#ry y#u !reate) in Ste, 2 (3igure 3)/




Fig)#" 11 * FTP Sit" C#"ation Wi4a#( FTP Sit" A--"ss P"#/issions
1&. FTP Sit" C#"ation Wi4a#( FTP Sit" A--"ss P"#/issions
2his ste, all#ws y#u t# )efine rea) #r write a!!ess f#r y#ur 32' site/ In this !ase& I inten) t# all#w files t# -e u,l#a)e)
s# I<*e ti!"e) the 0Write0 -#6/
li!" Ne6t then !li!" 3inish t# !#m,lete the Wi1ar)/
8#ur 32' Site is n#w rea)y f#r use/ 2# test it& sim,ly #,en Internet E6,l#rer an) enter the @RA ft,:++4?2/4BC/0/4 (#r
y#ur Ser*er<s I' a))ress if )ifferent)/ 8#u sh#ul) then l#g in an) -e aut#mati!ally 0Dr#,,e)0 int# y#ur h#me )ire!t#ry/


Mastering IIS FTP - Part 2 - Virtual
Directories/Physical Directories
In Part 1 we covered ways to use the hidden power of Microsoft's FTP server product.
We talked about ways to leverage virtual directories along with Windows user accounts.
Today I want to take this one step further and discuss how to work with the II FTP
!uirks with using virtual directories as . . . yes" virtual directories. #ecause Microsoft has
this uni!ue way to utili$ing virtual directories to offer %ore control" it also %eans that
si%ply using virtual directories for their original purpose isn't as obvious as it should be.
Rule #3: A Virtual Directory created in IIS FTP isn't seen by a FTP program
If we want to create a virtual folder that points to a different location on a server" one of
the first things we will notice is that if we create the virtual directory in II FTP and then
use a FTP client to log in" we won't see the folder&& We can use 'hg(ir if our FTP client
supports it and type in the na%e of the vdir but that's often ti%es not good enough. We
want to actually see it.
)et %e e*plain it further. 'onsider the following folder structure where
d+,do%ains,%ysite, is the FTP root path+
d+,do%ains,%ysite,
d+,do%ains,%ysite,i%ages,
d+,do%ains,%ysite,bin,
d+,do%ains,%ysite,ad%in,
-ow" let's create a virtual directory in II FTP called downloads which will point to+
e+,downloads,
When we log into our FTP account" we will see images" bin and admin but we won't see
downloads.
Why is that? ince virtual directories aren't always used for their original purpose" as
we saw in Part 1" they don't auto%atically appear. The other reason is that FTP progra%s
will scan the files and folders on disk to deter%ine what to display. ince virtual
directories don't reside at the folder level" they won't be shown with the rest of the
folders.
So what do we do? Fortunately the solution is si%ple.
Tip #: !reate an empty "p#ysical$ directory to #a%e a "%irtual$ directory appear in a
FTP program
ince the FTP client progra% will check for files and folders on disk" si%ply create an
e%pty folder on disk where the virtual directory should show up. In %y e*a%ple above"
it %eans creating an e%pty folder called d+,do%ains,%ysite,downloads,. -ow" after you
log into this FTP account with your FTP progra%" you will see images" bin" admin and
downloads. If you double click on downloads you will be taken to e+,downloads because
the virtual directory in II FTP will take precedence.
Rule #&: I' bot# a Virtual Directory and P#ysical Directory e(ist) t#e Virtual Directory
ta*es precedence
In %y e*a%ple above" I've created a .virtual. folder which redirects to another location
on the server" and a .physical. folder so that it will show up in %y FTP progra%. /ven if
I put files in the e%pty downloads folder" I won't be able to access the% by double
clicking on the downloads folder. Instead of being directed to
d+,do%ains,%ysite,downloads, 0physical folder1 I will be directed to e+,downloads,
0virtual folder1.
In su%%ary" when creating a virtual directory that should show up in the FTP client
progra%" %ake sure to create an e%pty physical directory to %atch.
In Part 1 we covered working with 2irtual (irectories and Windows 3sers. In this Part
we covered working with 2irtual (irectories and Physical (irectories. In Part 4 and Part
5 we will cover II6 3ser isolation 0and why I don't use it1 and so%e tricks for %ore
advanced configurations.
Mastering IIS FTP - Part - !edirecting
"sers
Part +: ,anaging multiple users -it# one IP Address
In choosing which software to use for %anaging the server7side of FTP" often ti%e people
don't use Microsoft's FTP progra% because they think that it's too si%ple or they think
that it doesn't do what they want. I'% going to atte%pt to reveal so%e of the hidden but
powerful features that e*ist with Microsoft's FTP progra%. 3nderstanding 8ust a couple
basic concepts and putting those concepts to good use will open up a new world of
possibility.
I'% not trying to convert the %any people that are using another FTP progra% or try to
say that Microsoft's is better. I don't work for Microsoft and I'% not being paid to
endorse their product. #ut for those that aren't happy with their current solution" want to
utili$e Microsoft FTP better or are diving into this fresh" read on.
I'% assu%ing that you are so%ewhat fa%iliar with using Microsoft II 9 FTP. The 1:
second description for those co%ing in brand new is+ For those running a version of
Windows that includes II 0Internet Infor%ation ervices1" you already have Microsoft
FTP available to you. This is included in Windows -T9;:::9;::49<P. /*cept for
Windows -T" use the II snap7in found in tart 7= >d%inistrative Tools 7= Internet
Infor%ation ervices. If you don't have that installed" it can be installed fro%
>dd9?e%ove Progra%s in the control panel. For so%e people using Windows <P you
won't see >d%inistrative Tools off your tart Menu. @ou can still find the% in your
control panel. For those wondering what FTP %eans" you've probably stu%bled across
the wrong article.
)et's get started+
Rule #+: I' .%irdir name / user name0 T#en .pat# o' %irdir ta*es a''ect0
-ow" what does that %eanA Microsoft FTP" which I'll call M FTP after this" doesn't
have an interface like %ost of us would e*pect" where you can add a user and point to a
particular folder. Instead" it has a strange way of handling this. If the 2irtual (irectory
na%e is e*actly the sa%e as a Windows 3sers" then the 2irtual (irectory will .catch. the
user rather than the root FTP account.
Bf course" if you have lots of IP addresses" you can assign one IP address per user and
setup %ultiple sites and then rely on the -TF per%issions to grant or deny access to
particular sites. 0-ote+ Windows <P only allows 1 FTP site.1 #ut" even if you do this"
there %ay co%e a ti%e when you want to use the sa%e IP address for %ultiple users who
will be destined for different locations. For those trying to run a web server with %ultiple
sites and one IP address" you'll benefit the %ost fro% this rule. )et %e start with an
e*a%ple+
)et's say you have this directory structure+
(+,do%ains,site1.co%
(+,do%ains,site;.co%
(+,do%ains,site;.co%,graphics
>nd you have 4 users.
7 Mike needs access to the root of site1.co%
7 ue needs access to the root of site;.co%
7 Coe needs access to the graphics folder of site;.co%
I'll repeat %yself because I feel this is i%portant. The trick with M FTP is that if the
2irtual (irectory na%e is the sa%e as a Windows 3serna%e" the user will be DcaughtD by
the 2irtual (irectory and directed to the folder specified in the 2irtual (irectory.
Example in MS-FTP
#ehind the scenes" the .MikeE 2irtual (irectory is pointing to (+,do%ains,site1.co%" ue
is pointing to (+,do%ains,site;.co% and Coe is pointing to
(+,do%ains,site;.co%,graphics.
7 If you logged in as Mike" then the Mike virdir would DcatchD it and you would be
dropped into the (+,do%ains,site1.co% folder.
7 a%e with Coe or ue. They would be caught by their corresponding 2irtual
(irectories.
-ow" let's say you had another user called Cane. If you logged in as Cane then the settings
on the .(efault FTP ite. will handle her because there isn't a 2irtual (irectory to
.catch. her and direct her elsewhere.
Rule #: T#e username used to log in needs 1ist permissions to t#e root FTP site
'older
/ven if the 2irtual (irectory is pointing to a different location" the user that is logging in
always needs )ist per%issions to the folder specified in .(efault FTP ite.. @es" it see%s
strange" but even in II6" this is still the case.
o" each user %ust have read9write per%issions" (+,do%ains,site1.co% needs read9write
for Matt. (+,do%ains,site;.co% needs read9write for ue.
(+,do%ains,site;.co%,graphics needs read,write for Coe. This is the obvious part.
The none obvious consideration is if the path of .(efault FTP ite. was (+,do%ains then
that folder needs D)istD per%issions for all 4 users. Btherwise they won't be able to log in
at all.
Tip #+: Set t#e root FTP account to a dummy location i' assigning multiple users
If the path of the .(efault FTP ite. is (+,do%ains then you have a fairly large security
issue with this setup. If you log in as Mike for e*a%ple" you'll have the option to %ove
up a folder 0..1 0well" %ost FTP progra%s will give you that option1. If you do" you'll be
dropped into the folder of the .(efault FTP iteE root. 0d+,do%ains1. >s I 8ust %entioned"
you are forced to give )ist per%issions for all users which %eans that every user can
view the na%es of all the sites. If you ever slip up and give too %any per%issions at the
-TF level your users can potentially access other people's sites.
Fortunately there is an easy solution. Cust consider your Master FTP ite root a du%%y
location that isn't %eant to be used for anything practical. Point it to
d+,ftproot,du%%yfolder or so%ething like that. 0I call %ine 'deadend'1. Five )ist
per%issions to the /veryone group on that folder and %ake sure it's co%pletely e%pty.
-ow" you've solved the security issue. If Mike connects with their FTP progra% and
%oves up a folder or does a chgdir to ',' he will dropped into d+,ftproot,du%%yfolder
which is co%pletely e%pty. @ou'll never have to worry about users gaining access to
d+,do%ains which is a folder that you want to keep your users out of.
>nd" in all this" don't forget that every user that will be logging into your FTP account
needs to have a 2irtual (irectory assigned or else they will i%%ediately be placed into
the du%%yfolder location.
I've covered %anaging %ultiple users with a single IP address" re!uired per%issions for
setting up FTP and given a tip on keeping users out of your confidential folders. There is
%ore to co%e. In the following 4 weeks I plan to cover+ II6 3ser IsolationG Managing
2irtual (irectories 0why can't I see the virtual directory that I created in %y FTP
progra%1G and how to have a logged in user only see and access so%e" but not all" of the
subfolders in a folder.
Part 1 7 ?edirecting 3sers
Part ; 7 Managing 2irtual (irectory 9 Physical (irectories
Part 4 7 The (oorway Folder Trick
Part 5 7 'o%ing soon

Con.ig)#ing IIS6 to +ost 0o)# Int#an"t7 E8t#an"t o# W"9 Sit".
(Win)#ws Ser*er 2003)
A9o)t Mi-#oso.t Int"#n"t In.o#/ation S"#$i-"s 6 .
Internet Inf#rmati#n Ser*i!es B (IISB) is the latest *ersi#n #f 9i!r#s#ft<s we- ser*er -un)le) with Win)#ws Ser*er 2003/ IISB
will all#w y#u t# =ui!"ly )e,l#y any num-er #f we-.-ase) Intranets& E6tranets #r We- Sites/
2# fin) #ut m#re a-#ut 9i!r#s#ft Internet Inf#rmati#n Ser*i!es B& *isit the f#ll#wing site:
htt,:++www/mi!r#s#ft/!#m+win)#wsser*er2003+iis+)efault/ms,6


1. Installing IIS6 on Wino!s S"#$"# %&&'(
If using the new style Start menu: li!" #n $Start%& $#ntr#l 'anel%& $()) #r Rem#*e 'r#grams% an) sele!t the
$())+Rem#*e Win)#ws #m,#nents% ta- #n the left.han) si)e/
If using the 0lassi!0 style Start menu: li!" #n $Start%& $Settings%& $#ntr#l 'anel%& $()) #r Rem#*e 'r#grams% an)
sele!t the $())+Rem#*e Win)#ws #m,#nents% ta- #n the left.han) si)e/
In the $Win)#ws #m,#nents Wi1ar)%& highlight the $(,,li!ati#n Ser*er% an) ,ress the $Details% -utt#n/ 2he s!reen
-el#w will -e )is,laye) (3ig 4)/


Fig)#" 1 * T+" A,,li-ation S"#$"# S-#""n
3irst& !he!" $(,,li!ati#n Ser*er #ns#le% an) $(S'/NE2%& then highlight the $Internet Inf#rmati#n Ser*i!es (IIS)% #,ti#n
an) ,ress $Details% (as sh#wn in 3ig 4 a-#*e)/
Fig)#" % * T+" Int"#n"t In.o#/ation S"#$i-"s (IIS) S-#""n
On the ne6t s!reen (3ig 2 a-#*e) we highlight $W#rl) Wi)e We- Ser*i!es% an) ,ress the $Details% -utt#n t# -ring us
#nt# the last s!reen/
Fig)#" ' * T+" Wo#l Wi" W"9 S"#$i-" S-#""n
I ma"e e6tensi*e use #f (S' files in my Intranet& s# I nee) t# sele!t the $(!ti*e Ser*er 'ages% #,ti#n (sh#wn in 3ig 3
a-#*e)/ (t this ,#int& y#u may wish t# !he!" thr#ugh the #ther #,ti#ns a*aila-le in the list an) sele!t them if they a,,ly
t# y#ur site/ D#n<t w#rry if y#u are unsure& y#u !an always !hange these #,ti#ns later/
li!" $O7% t# !l#se ea!h win)#w an) $Ne6t% t# install the newly.sele!te) !#m,#nents/ 8#u will -e as"e) t# insert y#ur
Win)#ws Ser*er 2003 )is"/ li!" $3inish% #n!e the installati#n is !#m,lete/
8#u ha*e n#w installe) Internet Inf#rmati#n Ser*i!es B/



Fig)#" 1 * W+"#" to .in t+" IIS Manag"#
%. W+"#" to .in t+" IIS Manag"#(
If y#u are using the new style Start menu& y#u !an rea!h the Internet Inf#rmati#n Ser*i!es !#ns#le -y !li!"ing $Start%&
$()ministrati*e 2##ls% an) sele!ting $Internet Inf#rmati#n Ser*i!es (IIS) 9anager% fr#m the list in figure : a-#*e/
If y#u are using the $lassi!% style Start 9enu& y#u !an rea!h the !#ns#le -y !li!"ing $Start%& $'r#grams%&
$()ministrati*e 2##ls% an) sele!t $Internet Inf#rmati#n Ser*i!es (IIS) 9anager% fr#m the list in figure : a-#*e/




Fig)#" 2 * Int"#n"t In.o#/ation S"#$i-"s (IIS) Manag"#
'. Int"#n"t In.o#/ation S"#$i-"s (IIS) Manag"#(
IIS; users will n#ti!e tw# new a))iti#ns t# the IIS 9anager/ 2he 3irst is the $We- Ser*i!e E6tensi#ns% s!reen whi!h
,r#*i)es !#ntr#l #*er whi!h file e6tensi#ns sh#ul) -e all#we) #r -l#!"e)/ 2he se!#n) is the $(,,li!ati#n '##ls% s!reen
whi!h all#ws a,,li!ati#ns t# run in is#late) mem#ry $'##ls% meaning that if #ne a,,li!ati#n has ,r#-lems& #thers are
n#t affe!te)/




Fig)#" 6 * C#"ating a N"! W"9 Sit" in IIS 6
1. C#"ating a N"! Sit" in IIS 6(
2he first tas" is t# )isa-le the $Default We- Site%/ 2# )# this& sele!t the $We- Sites% item in the left.han) ,ane then
right.!li!" #n the $Default We- Site% item in the right.han) ,ane an) sele!t $St#,% fr#m the list/ 2he Default We- Site is
n#w st#,,e)/
Ne6t& we nee) t# !reate a new site t# h#st #ur we- !#ntent/ 2# )# this& right.!li!" #n $We- Sites% in the left.han) ,ane
an) sele!t $New% an) $We- SiteD% as sh#wn a-#*e in figure B/
When the $Wel!#me t# the We- Site !reati#n Wi1ar)% s!reen a,,ears& !li!" ne6t/




Fig)#" 3 * Na/" 0o)# Sit"
2. Na/" 0o)# Sit"(
Sim,ly enter in a name f#r y#ur site in the -#6 an) ,ress 0Ne6t0 as sh#wn in 3igure E a-#*e/ 2his name is f#r
referen!e #nly an) sh#ul) hel, y#u l#!ate y#ur site in IIS 9anager/




Fig)#" 5 * C+anging t+" IP A#"ss
6. M"t+o o. A--"ss ()sing an IP a#"ss * R"-o//"n")(
2his meth#) sim,ly uses the I' a))ress (#r #ne #f the I' a))resses if m#re than #ne are !#nfigure)) #f the we- site t#
all#w users t# rea!h the site/
2# use this meth#)& all y#u nee) t# )# is sele!t an+the a*aila-le I' num-er fr#m the list an) lea*e the ,#rt settings #n
C0/
2# rea!h the site& *isit#rs will ha*e t# ty,e the I' a))ress htt,:++4?2/4BC/200/: int# their we- -r#wser/ 2hey !an als#
ty,e the ma!hine name in eg/ htt,:++su".sys:




Fig)#" 6 * C+anging t+" Po#t n)/9"#
3. M"t+o o. A--"ss ()sing Po#t n)/9"#s)(
In this !ase& n# a))iti#nal I' num-ers ha*e -een assigne) t# the Ser*er& s# all we ha*e t# w#r" with is 4?2/4BC/200/:/
@nf#rtunately& this is alrea)y -eing use) -y an#ther site s# we are g#ing t# h#st this ,arti!ular We- Ser*i!e fr#m '#rt
C4 instea) #f C0/ 2# *iew the site& users will ha*e t# enter htt,:++4?2/4BC/200/::C4 (the !#l#n )en#tes the ,#rt num-er)/




Fig)#" 1& * C+anging t+" :ost :"a"#
5. M"t+o o. A--"ss ()sing :"a"#s)(
5ea)ers all#w multi,le sites t# run fr#m #ne I' a))ress an) thr#ugh #ne ,#rt (C0)/ 2he a)*antage #f using 05#st
5ea)ers0 is that a large num-er #f sites !an -e h#ste) thr#ugh Fust 4 e6ternal I' a))ress/
2he re=uest is inter,rete) -y the ser*er an) the *isit#r is )ire!te) t# the !#rre!t site -ase) u,#n the @RA they entere)
an) NO2 Fust the I' a))ress it was translate) t# -y the DNS ser*er/
2his means that y#u nee) t# a)) the @RA (e6!lu)ing htt,:++) in the 05#st 5ea)er0 -#6 as sh#wn a-#*e/ In the !ase #f
my Intranet& I am entering 0intranet/sim#ngi-s#n/!#m0 s# *isit#rs will ty,e htt,:++intranet/sim#ngi-s#n/!#m t# a!!ess
the site/
5#we*er& this will mean that a DNS entry must e6ist f#r 0intranet/sim#ngi-s#n/!#m0 t# -e translate) t# the !#rre!t I'
a))ress an) r#ute t# #ur we- ser*er/ 2his will theref#re mean that y#u must als# ma"e this !hange t# y#ur DNS ser*er
if y#u ,lan t# use this meth#)/
>ef#re y#u -egin w#r"ing with 5#st 5ea)ers it is re!#mmen)e) that y#u !#rre!tly !#nfigure a DNS ser*er/ 2# g# t# the
DNS #nfigurati#n tut#rial #n this site& !li!" here/




Fig)#" 11 * T+" W"9 Sit" :o/" Di#"-to#0
6. D".ing 0o)# sit";s +o/" i#"-to#0 an !+o -an a--"ss it(
On!e y#u ha*e )efine) whi!h meth#) #f a!!ess y#u wish t# use& y#u nee) t# ,#int IIS at y#ur )efault h#me )ire!t#ry/
2his is ,retty self.e6,lanat#ry an) in this !ase is !:GInet,u-GintranetHli*e whi!h is the su-.)ire!t#ry <intranetHli*e<
l#!ate) in the <Inet,u-< )ire!t#ry with the : )ri*e #n the we- ser*er (S@7.S8S:)/
N#ti!e that I ha*e un!he!"e) <(ll#w an#nym#us a!!ess t# this We- Site</ 2his will ensure that any *isit#r will ha*e t#
enter their username& ,assw#r) an) D#main t# a!!ess the site fr#m #utsi)e the -uil)ing (i)eal f#r an E6tranet)/
If y#u )# n#t ,lan t# ma"e y#ur Intranet a*aila-le thr#ugh the Internet then it is ,r#-a-ly -est t# lea*e this -#6
!he!"e)/




Fig)#" 1% * W"9 Sit" A--"ss P"#/issions
1&. D".ining A--"ss P"#/issions(
2he #,ti#ns sh#wn in 3ig/B a-#*e are the )efault settings f#r IIS/ 2hese are fine f#r #ur Intranet/ 8#u !an set u,
se,erate a!!ess ,ermissi#ns f#r su-.)ire!t#ries later& su!h as a !gi.-in/ See <#nfiguring (!ti*e 'erl< #n the
<Intranet+E6tranet< main ,age f#r m#re inf#rmati#n/




Fig)#" 1' * T+" -o/,l"t" IIS6 Manag"# !it+ n"! !"9 sit"
11. T+" -o/,l"t" -on.ig)#ation o. IIS(
If y#u ha*e f#ll#we) these instru!ti#ns !#rre!tly& y#ur IIS )ial#gue -#6 sh#ul) l##" s#mething li"e 3ig 43 (a-#*e)/ 8#u
!an a)) as many e6tra we- sites as y#u li"e& -ut -ear in min) the a!!ess meth#) y#u ,lan t# use (!he!" se!ti#n B&
Ean) C)/
2# ma"e sure y#ur site is #,erati#nal& ma"e sure y#u ha*e a *ali) )efault/as, file in the h#me )ire!t#ry an) enter the
,re!#nfigure) a!!ess meth#) (htt,:++4?2/4BC/200/:+& htt,:++4?2/4BC/200/::C4+ #r htt,:++intranet/sim#ngi-s#n/!#m+)/


S"a#-+Si/on at Si/onGi9son.-o/
I5#meJ I3D DesignJ IWe- DesignJ IIntranet+E6tranetJ I'ers#nalJ
Design an) #ntent K Sim#n Li-s#n 2000 . 200B
IEmailJ ISite 9a,J ISear!hJ I'ri*a!yJ
2here are !urrently 43 users #nline/
http+99www.si%ongibson.co%9intranet9iis69
http+99www.si%ongibson.co%9intranet9actperl9
A9o)t A-ti$" Stat" A-ti$"P"#l.
'erl S!ri,ts were #n!e use) e6!lusi*ely #n MNIN.-ase) we- ser*ers& n#t any m#re/ (!ti*e 'erl all#ws LI
a,,li!ati#ns t# run #n Win)#ws.-ase) Ser*ers/ Of !#urse& we "n#w that LI a,,li!ati#ns are n#t as effi!ent
as (S' a,,s -ut it<s *ery easy t# fin) a free 'erl S!ri,t t# a)) e6tra fun!ti#nality t# y#ur site/
2# fin) #ut m#re a-#ut (!ti*e State (!ti*e'erl& *isit the f#ll#wing site:
htt,:++www/a!ti*estate/!#m


1. W+"#" to .in t+" Int"#n"t S"#$i-"s Manag"# Dialog)".
li!" #n <Start<& <'r#grams< an) then <()ministrati*e 2##ls</ 8#u<ll -e ,resente) with the -#6 y#u !an
see in 3ig/4 (a-#*e)/ Sele!t <Internet Ser*i!es 9anager</




%. T+" P#o,"#ti"s Dialog)"(
>y this time y#u sh#ul) -e familiar with the IIS #ns#le& s# l#!ating y#ur site in the list& right.!li!"ing #n
y#ur LI )ire!t#ry an) sele!ting ,r#,erties sh#ul)n<t ,#se a seri#us ,r#-lem/ 2he )ial#gue -#6 sh#wn
in 3ig/2 (a-#*e) sh#ul) a,,ear/




'. Con.ig)#ing 0o)# CGI a,,li-ation(
3irst #f all& y#u<ll nee) t# un!he!" <In)e6 this res#ur!e< -e!ause y#ur !gi.-in isn<t g#ing t# h#st anything
y#ur *isit#rs w#ul) want t# see/
Ne6t& !li!" #n <reate< (sh#wn in 3ig/2)/ 2his will -ring u, a )ial#gue n#t unli"e the #ne a-#*e (3ig/3)/
li!" #n <#nfigurati#n< an) ,r#!ee) t# the ne6t ste,/




1. T+" A,,li-ation Con.ig)#ation Dialog)"(
2his )ial#gue is sim,ly telling the ser*er h#w t# )eal with !ertain s!ri,t.-ase) files/ 8#u !an see that
as,/)ll ,r#!esses all (S' a,,li!ati#ns as well as DN& (S( an) s# #n//// 5#we*er& n#thing e6ists in
the list t# ,r#!ess LI a,,li!ati#ns/
li!" #n <())< an) ,r#!ee) t# the ne6t ste,/




2. A,,li-ation E8t"nsion Ma,,ing(
Enter the )etails sh#wn a-#*e/
2he E6e!uta-le is the ,ath t# the 'erl/e6e file& ()efault installati#n l#!ati#n sh#wn) an) the <Os Os< are
re=uire) -e!ause the ser*er nee)s t# "n#w firstly where the s!ri,t is l#!ate) an) se!#n)ly what the
s!ri,t ,arameters are/ If y#u )#n<t un)erstan)& )#n<t w#rry& Fust ma"e sure y#u in!lu)e them/
2he E6tensi#n (in this !ase /!gi) means that any file with this e6tensi#n in this )ire!t#ry will -e
,r#!esse) in this way& alth#ugh it may -e ne!essary t# als# in!lu)e an#ther a,,li!ati#n with /,l as the
e6tensi#n/ If that is ne!essary Fust re,eat all the ste,s an) a)) the e6tensi#n /,l instea) #f /!gi/
3inally& I<m g#ing t# limit what the a,,li!ati#n !an )# t# Fust <LE2< an) <'@2</ 2his is #nly a measure t#
,r#te!t the a,,li!ati#n against mali!i#us intent fr#m it<s users& n#t really ne!essary in this !ase& -ut
g##) ,ra!ti!e/




6. T+" -o/,l"t" A,,li-ation Con.ig)#ation Dialog)"(
If y#u ha*e f#ll#we) these instru!ti#ns !#rre!tly& y#ur (,,li!ati#n #nfigurati#n )ial#gue -#6 sh#ul)
l##" s#mething li"e 3ig B (a-#*e)/ 8#u !an a)) as many e6tra a,,li!ati#ns as y#u li"e& /,l w#ul) -e a
g##) start/


Con.ig)#ing P:P2 to #)n on IIS6.
(Win)#ws Ser*er 2003)
A9o)t P:P2.
'5'; is an 0O,en S#ur!e0 s!ri,ting language an) ,r#*i)es similar fun!ti#nality t# 9i!r#s#ft<s (S'/
O-*i#usly& -#th ha*e their a)*antages an) a !#m,aris#n #f the tw# te!hn#l#gies is #utsi)e the s!#,e #f this
tut#rial/ 5#we*er& a !#mm#n mis!#n!e,ti#n is that '5' is 0Ainu6 #nly0 an) n#t !#m,ati-le with 9i!r#s#ft
systems/
2# fin) #ut m#re a-#ut '5'& *isit the f#ll#wing site:
htt,:++www/,h,/net

1. G"tting t+" P:P2 ,a-<ag".
( *isit t# the www/,h,/net )#wnl#a)s ,age re*eals se*eral !h#i!es in the 0Win)#ws >inaries0 se!ti#n/
D#wnl#a) the 1i, ,a!"age ()etails -el#w):

'5' ;/0/: 1i, ,a!"age IE&:CC7-J
('lease n#te that later *ersi#ns may -e a*aila-le as y#u rea) this)
2he PI' ,a!"age is the ,referre) #,ti#n (when !#m,are) with the Installer) sim,ly -e!ause it in!lu)es
greater fun!ti#nality an) e6tensi#ns/ 5#we*er& this sh#ul) -e #-*i#us fr#m the mu!h greater )#wnl#a)
si1e/


%. E8t#a-ting t+" .il"s(
Fig)#" 1 * E8t#a-ting t+" .il"s
@n1i, the '5' ar!hi*e t# :G'5'; then !#,y 0,+,2ts.ll0 (highlighte) in 3igure 4 a-#*e) int#
:GWin)#wsGSystem32G
Ne6t& !#,y 0,+,.ini*#"-o//"n"0 t# :GWin)#wsG an) rename it 0,+,.ini0 (in :GWin)#wsG)/


'. Con.ig)#ing Int"#n"t In.o#/ation S"#$i-"s (IIS) Manag"#(
Fig)#" % * A--"ssing t+" =W"9 Sit"s P#o,"#ti"s= ialog)" 9o8 in IIS
If y#u are using the new style Start menu& y#u !an rea!h the Internet Inf#rmati#n Ser*i!es !#ns#le -y
!li!"ing $Start%& $()ministrati*e 2##ls% an) sele!ting $Internet Inf#rmati#n Ser*i!es (IIS) 9anager% fr#m
the list/
If y#u are using the $lassi!% style Start 9enu& y#u !an rea!h the !#ns#le -y !li!"ing $Start%&
$'r#grams%& $()ministrati*e 2##ls% an) sele!t $Internet Inf#rmati#n Ser*i!es (IIS) 9anager% fr#m the
list/
2he first thing we nee) t# )# is tell IIS h#w it sh#ul) ,r#!ess '5' files/ 2# )# this& first right.!li!" #n
0We- Sites0 in the left.han) menu an) sele!t 0'r#,erties0 fr#m the list that a,,ears (as sh#wn in 3igure
2 a-#*e)/

Fig)#" ' * A,,li-ation Con.ig)#ation
On!e #,en& sele!t the 05#me Dire!t#ry0 ta- an) !li!" #n 0#nfigurati#n0/ ( similar win)#w t# figure 3
(a-#*e) will a,,ear/ li!" #n 0())0/
Fig)#" 1 * P:P A,,li-ation Ma,,ings
#m,lete the -#6 sh#wn in 3igure : (a-#*e) as sh#wn then ,ress 0O70/ If y#u see a message a,,ear
with a list #f 0hil) N#)es0 y#u sh#ul) !he!" them !arefully -ef#re sele!ting whi!h sh#ul) -e '5'.
ena-le)/ >e ,arti!ularly !areful if y#u are running 9i!r#s#ft E6!hange Outl##" We- (!!ess (OW() as
#*erri)ing the OW( Virtual Dire!t#ry settings will st#, it fr#m w#r"ingQ
IIS n#w "n#ws h#w t# ,r#!ess '5' files/ 5#we*er& it<s 0We- Ser*i!e E6tensi#ns0 rules still restri!t it
fr#m )#ing this/
Fig)#" 2 * W"9 S"#$i-" E8t"nsions
We n#w nee) t# !#nfigure 0We- Ser*i!e E6tensi#ns0 s# right.!li!" #n 0We- Ser*i!e E6tensi#ns0 in the
menu #n the left/ 2hen sele!t 0()) a new We- ser*i!e e6tensi#n///0 fr#m the list (as sh#wn in 3igure ;
a-#*e)
Fig)#" 6 * C#"ating a P:P !"9 s"#$i-" "8t"nsion
#m,lete the )ial#gue -#6 as sh#wn in 3igure B a-#*e/ 9a"e sure y#u !he!" the 0Set e6tensi#n
status t# (ll#we)0 !he!"-#6/ 2he 0E6tensi#n name:0 is #nly a referen!e an) hen!e !an -e anything .
'5' ma"es it easy t# i)entify in future th#ugh/
Fig)#" 3 * T+" -o/,l"t" W"9 S"#$i-" E8t"nsions !ino!
2he !#m,lete) 0We- Ser*i!e E6tensi#ns0 win)#w sh#ul) n#w l##" li"e figure E a-#*e/IIS n#w "n#ws
t# ,r#!ess '5' files an) #ur 0We- Ser*i!e E6tensi#ns0 ha*e ma)e it ,#ssi-le f#r '5' s!ri,ts t# run
freely/


1. Allo!ing in"8.,+, .il"s to #)n as a i#"-to#0 ".a)lt(
Fig)#" 5 * Con.ig)#ing 0o)# ".a)lt P:P -ont"nt ,ag"
Returning t# 0We- Sites 'r#,erties0 )ial#gue sh#wn in 3igure 2 we nee) t# sele!t the 0D#!uments0 ta-
an) !li!" #n 0())0/
2# ensure that in)e6/,h, )#!uments #,en as a )efault they sh#ul) -e a))e) as a 0#ntent 'age0 as
sh#wn in 3igure C/ 8#u !an& #f !#urse& !hange the im,#rtan!e #f '5' #*er (S' an) 529A )#!uments
t# suit y#ur site -ase) #n whi!h )#!ument ty,e sh#ul) ta"e ,referen!e/


TESTING...
Fig)#" 6 * R"s)lts.
reate a new te6t file an) rename it 0in)e6/,h,0/ 2his file sh#ul) !#ntain #ne line that rea)s:
<? phpinfo(); ?>
Sim,ly !#,y this file t# y#ur we- ser*er an) #,en it *ia y#ur fa*#urite we- -r#wser/ 8#u sh#ul) -e
,resente) with a ,age similar t# 3ig/ ? a-#*e/
etting up PHP7I>PI on Windows erver ;::4
Preface+
I showed you here how to set up PHP using the 'FI e*ecutable. ince then I've learnt
that the I>PI ()) %ay be faster and %ore secure" so this tutorial will show you how to
set up the I>PI ()) instead. 'redit and thanks goes to Ieith W. Mc'a%%on for
setting this up on his website" http+99%cca%%on.org9php9iis6Jinstall.php . Made visual
with per%ission fro% Ieith. o%ething to note is that these directions had in %ind
default 0un%odified1 >')s9Per%issions.
Method+
3n$ip the latest PHP KIP file to '+,PHP" and copy php.ini7reco%%ended fro% that folder
to '+,windows,php.ini" then copy php5ts.dll to '+,Windows,yste%4;
)oad II fro% the >d%inistrative tools in the 'ontrol Panel by clicking tart 7=
>d%inistrative Tools 7= II Manager 0or loading the 'ontrol Panel" entering the
>d%inistrative Tools folder" and double clicking II Manager1.
'lick the na%e of your co%puter then click DWeb ervice /*tensionsD" on the left side of
the %ain fra%e you will see a green arrow pointing to a link that says D>dd a new Web
service e*tension...D" click that link.
et the e*tension na%e to anything you'd like" put '+,PHP,sapi,php5isapi.dll as the
?e!uired file" also check Det status to allowedD
Fo to the directory you'd like to configure PHP for in the II Manager" right click it" and
select properties
'lick the 'reate button" set the /*ecute per%issions to Dcripts onlyD" then click the
'onfiguration button
'lick >dd. For the /*ecutable put 7 '+,PHP,sapi,php5isapi.dll for the /*tension put
D.phpD" set the verbs to all" and %ake sure the botto% check bo*es are checked
'lick BI and BI